Full Report
Authored by Dexter Shin. McAfee’s Mobile Research Team has identified new malware on the Google Play Store. Most of them... The post "New HiddenAds malware affects 1M+ users and hides on the Google Play Store" appeared first on McAfee Blog.
Analysis Summary
The provided article description is very sparse and primarily consists of navigation and promotional links from the McAfee website, focused on their products and company information, rather than a detailed technical report on a specific threat. However, the initial title identifies the subject matter: **HiddenAds malware**.
Based *only* on the context provided in the description (specifically the title), the summary will focus on the identified malware family.
# Tool/Technique: HiddenAds Malware
## Overview
HiddenAds is a malware family discovered being distributed via the Google Play Store, affecting over a million users. Its primary objective appears to be displaying intrusive advertisements.
## Technical Details
- Type: Malware family
- Platform: Android (Inferred from distribution via Google Play Store)
- Capabilities: Displays advertisements; runs automatically and camouflages itself to evade detection.
- First Seen: Not explicitly mentioned in the provided context.
## MITRE ATT&CK Mapping
*Note: Specific mappings cannot be determined without technical detail from the article body, but common mappings for adware distributed via app stores are inferred based on the name and description.*
- [TA0001 - Initial Access]
  - [T1484 - Compromise Software Supply Chain] (Distribution via Google Play Store)
- [TA0005 - Defense Evasion]
  - [T1070 - Indicator Removal: File Deletion] (Inferred evasion methods)
- [TA0011 - Command and Control]
  - [T1568 - Dynamic Resolution] (Inferred for ad delivery)
## Functionality
### Core Capabilities
- **Ad Delivery:** Primary function involves serving advertisements to the affected user.
- **Automatic Execution:** The malware is capable of running automatically, likely utilizing specific Android permissions or boot services.
### Advanced Features
- **Hiding Mechanism:** Explicitly described as hiding itself to evade detection on the platform.
## Indicators of Compromise
- File Hashes: [Not available in context]
- File Names: [Not available in context]
- Registry Keys: [Not available in context]
- Network Indicators: [Not available in context]
- Behavioral Indicators: Automatically running intrusive advertisements.
## Associated Threat Actors
- Threat actors associated with this specific campaign are not detailed in the provided context.
## Detection Methods
- Detection usually relies on behavioral analysis within the Android environment, looking for unauthorized ad display initiation or service persistence.
- Signature-based detection would target known components or package names associated with HiddenAds.
- [YARA rules that analysts create based on file signatures.]
## Mitigation Strategies
- Users should be cautious when installing apps from the Google Play Store, especially those with high download counts but questionable developer reputation.
- Keep mobile operating systems and applications up to date.
## Related Tools/Techniques
- Other families of mobile adware distributed via official application marketplaces.